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DETAILED ACTION 

1. The Office Action is responsive to the communication filed on 10/26/2010. 

2. Claims 1-8, 23-29, and 35-41 are pending in the application. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on 1 1/10/2010 has been entered. 

Allowable Subject Matter 

4. Claims 3-8 are allowed. Claim 36 is objected to. 

Response to Amendment 

5. The amendment, filed on 10/26/2010, has been entered. 

Response to Arguments 

6. Applicant's arguments with respect to claims 1, 3, and 23 have been considered but are 
moot in view of the new ground(s) of rejection. 
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Claim Rejections - 35 USC § 103 



7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 



9. Claims 1 and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hildebran et al. (PG/Pub 20040103202) in view over Wood et al. (USPN 6944761) and in 
further view over Maclnnis (PG/Pub 20030028899) 

10. As per claims 1 and 23, Hildebran et al. teaches a method comprising: 
receiving, at a server, a request from a client to take an action with respect to an electronic 
document residing at the client (r00131, r00141, r00481, r00671, r01241, r01741 e.g., it is implied 
that secured documents reside in the client and that a server grants access to the document): 
retrieving a document identifier from the request ([0013] e.g., a secured documents includes a 
header) 

determining whether user authentication is needed based on the document identifier and the 
action ([0048], [0083, [0123]); 



1. 
2. 
3. 
4. 



Determining the scope and contents of the prior art. 

Ascertaining the differences between the prior art and the claims at issue. 

Resolving the level of ordinary skill in the pertinent art. 

Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 
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subsequent to retrieving the document identifier and based on determining whether user 
authentication is needed (T00131, r00481, r00831, T01231 

However, Hildebran et al. does not teach sending information specifying an acceptable 
authentication procedure. Wood et al. teaches sending information specifying an acceptable 
authentication procedure ([Col 12 lines 1-10] e.g., sending information, i.e., querying 
authorization component, to identify a set of authentication schemes, i.e., authentication 
procedures); 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation provide a number of authentication schemes based on a required trust level of the 
user. Hildebran et al. teaches accessing secured documents ([0013]) Wood teaches that multiple 
authentication schemes (passwords, biometrics, smart cards, etc) are associated with trust levels 
of both a user and a resource ([Col 2 lines 58-67]) Since a resource, i.e., document, may require 
levels of trust and thus different levels of authentication schemes, it would have been obvious to 
implement these schemes when accessing a secured resource or document. 

receiving an authentication procedure update request (e.g. user selecting from the suitable 
authentication schemes and/or selecting a different scheme. An update request is interpreted as 
receiving a new value from the user for a desired scheme) from the client in response to client 
processing of the information (e.g., client processing a set of authentication schemes) specifying 
an acceptable authentication procedure ([Col 12 lines 1-20] e.g., an authentication procedure is 
interpreted as a name of the procedure such as login, biometric, and/or smart card. It is 
interpreted that a software program is the code for effectuating the specific authentication 
scheme/authentication procedure) ; 
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However, Hildebran et al., as modified, does not teach the following limitations. ( It is 
interpreted that a login component and biometric interface are programs that effectuate the type 
of authentication procedure. For purposes of the discussion below, a server is modified to 
include programs such as a login program and/or biometric program that may be used to 
effectuate authentication. A software version check is performed in response to the user 
selecting a scheme to ensure that the software for the scheme is updated ). Maclnnis teaches 

obtaining, at the server and in response to the authentication procedure update request, a 
software program (e.g., as modified, login or biometric program) comprising instructions 
operable to cause one or more data processing apparatus to perform operations effecting the 
authentication procedure ([0012] a login program would effectuate a login procedure); and 

sending the software program to the client for use in identifying a current user (e.g. user 
authentication) and controlling the action (e.g. based on the result of authentication, access to the 
document is granted or denied) with respect to the electronic document based on the current user 
and document-permissions information associated with the electronic document ([0012] ) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to ensure that the login and/or biometric software used for the selected 
login/biometric schemes is updated. Wood teaches that multiple authentication schemes are 
received and may be selected for use in authenticating a user. Maclnnis teaches that multiple 
software programs may downloaded to a client for use by the client. Since a login and/biometric 
application is a program, it would have been obvious to store these in the server for later 
download. It is obvious that the download would be triggered based upon a user selecting a 
potentially out of data scheme. 
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5. Claims 2, 24 ,and 35 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hildebran et al. (PG/Pub 20040103202) in view over Wood et al. (USPN 6944761) in view over 
Maclnnis (PG/Pub 20030028899) in view over Heath et al. (USPN 6006034) and in further view 
over Kano et al. (USPN 20030135650) 

6. As per claims 2, 24, and 35, Hildebran et al. does not teach a second server providing the 
software program. Kano et al. teaches a backup server ([ABSTRACT]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to include a backup server as a means of providing redundancy. In the event of a 
failure of the primary server, it would have been beneficial to utilize a backup server as a means 
of distributing the software program, modules, and versions as they become available. 

5. As per claims 4 and 37, Hildebran et al. teaches software program uses an existing 
interface provided by the client to communicate authentication information to the server ([FIG 
1A]) 

6. Claims 5, 26, and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hildebran et al. (PG/Pub 20040103202) in view over Wood et al. (USPN 6944761) in view over 
Maclnnis (PG/Pub 20030028899) further view over view over Hu (USPN 5586260) 

7. As per claims 5, 26, and 38, Hildebran et al., as modified, teaches receiving credentials 
information from the client derived at least in part based on input obtained by the client using the 
software program (e.g., supra claim 1) but does not teach communicating with a third part 
authentication server to authenticate the current user based on the credentials information. Hu 
teaches a third party authentication server ([ABSTRACT]) 
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Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to implement a third party authentication server as taught by Hu et al. Hu teaches a 
method for authenticating a client for a server, Hildebran et al. teaches a system for 
authenticating a user/client to enable access to content stored on a server. Since a third party 
authentication server provides a well known means in which to maintain, store, and retrieve 
credentials, it would have been advantageous to provide this server as an additional means, in 
effect providing both redundancy in addition to reducing load on the primary server. 

8. As per claims 6 and 39 Hildebran et al. teaches the method of claim 5, wherein the input 
obtained by the client comprises text input ([Col 12 lines 1-10 e.g., login/password]). 

9. As per claims 7 and 40, Hildebran et al. teaches the method of claim 5 wherein the input 
obtained by the client comprises biometric data (Col 12 lines 1-10] e.g. biometric scheme). 

10. As per claims 8,27, 38, and 41, Hildebran et al., as modified., teaches receiving input 
from a client using the software (e.g., login/biometric software). It does not teach receiving an 
authentication receipt from a third party authentication server based on input obtained by the 
client using the software. Hu teaches returning an access key from an authentication gateway 
acting as a proxy server to the client, i.e., receipt, based on credentials ([ABSTRACT], [COL 1 
lines 58-63] e.g., receiving an authentication receipt from a third party authentication server) and 
verifying the current user with the third party authentication server using the authentication 
receipt ([COL 1 lines 18-20], lines 59-63], [ABSTRACT] e.g., authenticating a client) 

Therefore, at the time the invention was made, it would have been obvious to have provided a 
means in which to authenticate a client via saving security credentials,. Hildebran et al. teaches 
authenticating a user via credentials as to enable access to content on a server. Hu et al. teaches 
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saving security credentials for later use and generating an access key for their retrieval and 
passing the access key to the client. In effect, saving the security credentials for later use and 
providing an access key for their retrieval obviates the need for repeated authentication. As a 
result, the system is further optimized and limits redundant authentication procedures. 

11. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hildebran et al. 
(PG/Pub 20040103202) in view over Wood et al. (USPN 6944761) in view over Maclnnis 
(PG/Pub 20030028899) and in further view over Boozer et al. (USPN 7370344) 

12. As per claim 25, Hildebran et al., as modified, teaches the system of claim 23 but does 
not teach wherein the client includes a security handler. Boozer et al. teaches a security handler 
(64) for receiving a request and examining whether the request should be granted ([Col 2 lines 
20-29]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to modify Hildebran et al. to integrate a security handler, as per Boozer et al., to 
verify whether a request to access content within the media server should be granted. The 
motivation is to cope with a diverse set of users and ensure that only trusted users may gain 
initial access to the information. The security handler provides an additional layer of protection 
on top of the download manager's authentication procedure. 
19. As per claim 28, Hildebran et al., as modified, teaches a server comprising: 
a server core with configuration and logging components ([0013) 
an internal services component that provides functionality across dynamically loaded 
methods ([0013]) 
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dynamically loaded external services providers, including an authentication service 
provide ([0023], [Figure ID) 

20. Claim 29 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hildebran et al. 
(PG/Pub 20040103202) in view over Wood et al. (USPN 6944761) in view over Maclnnis 
(PG/Pub 20030028899) and in further view over Tenerelllo (USPN 7233981) 
7. As per claim 29, Hildebran et al. teaches a business logic tier comprising a cluster of 
document control servers ([Figure ID); an application tier including the client comprising a 
viewer client, a securing client, and an administration client ([FIG ID]). However, Hildebran et 
al. does not teach a load balancer that routes client requests to the document control server. 
Tenerello teaches a system and method for load balancing ([COL 1 lines 14-20], [COL 2 lines 
63-67]) 

Therefore, at the time the invention was made, one of ordinary skill would have motivation 
to load balance a system. Hildebran et al. teaches that various user computers may access 
content objects ([Figure ID]) Tenerello teaches a load balancing means in which multiple 
requests may be efficiently processed. Since load balancing increases performance of a system, 
it would have been obvious to have enabled a system employing multiple user computers, each 
requesting access to a resource, a means to load balance the requests as to optimize the system. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARRTN DUNN whose telephone number is (571)270-1645. 
The examiner can normally be reached on EST:M-R(8:00-5:00) 9/5/4. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert DeCady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/DD/ 

04/23/2011 



/Albert DeCady/ 
Supervisory Patent Examiner 
Art Unit 2121 



